[llvm] r243927 - [UB] Fix a nasty place where we would pass null pointers to memcpy.

Chandler Carruth chandlerc at gmail.com
Mon Aug 3 18:17:06 PDT 2015 

Should probably pull this into the release as it fixes something that could
miscompile in the future with a new host compiler.

On Mon, Aug 3, 2015 at 5:49 PM Chandler Carruth <chandlerc at gmail.com> wrote:

> Author: chandlerc
> Date: Mon Aug  3 19:44:07 2015
> New Revision: 243927
>
> URL: http://llvm.org/viewvc/llvm-project?rev=243927&view=rev
> Log:
> [UB] Fix a nasty place where we would pass null pointers to memcpy.
>
> This happens to work, but is not guaranteed to work. Indeed, most memcpy
> interfaces in Linux-land annotate these arguments as nonnull, and GCC
> and LLVM both can and do optimized based upon that. When they do so,
> they might legitimately have miscompiled code calling this routine with
> two valid iterators, 'nullptr' and 'nullptr'. There was even code doing
> precisely this because StringRef().begin() and StringRef().end() both
> produce null pointers.
>
> This was found by UBSan.
>
> Modified:
>     llvm/trunk/include/llvm/ADT/SmallVector.h
>
> Modified: llvm/trunk/include/llvm/ADT/SmallVector.h
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/ADT/SmallVector.h?rev=243927&r1=243926&r2=243927&view=diff
>
> ==============================================================================
> --- llvm/trunk/include/llvm/ADT/SmallVector.h (original)
> +++ llvm/trunk/include/llvm/ADT/SmallVector.h Mon Aug  3 19:44:07 2015
> @@ -315,8 +315,10 @@ protected:
>                                             T2>::value>::type * = nullptr)
> {
>      // Use memcpy for PODs iterated by pointers (which includes
> SmallVector
>      // iterators): std::uninitialized_copy optimizes to memmove, but we
> can
> -    // use memcpy here.
> -    memcpy(Dest, I, (E-I)*sizeof(T));
> +    // use memcpy here. Note that I and E are iterators and thus might be
> +    // invalid for memcpy if they are equal.
> +    if (I != E)
> +      memcpy(Dest, I, (E - I) * sizeof(T));
>    }
>
>    /// Double the size of the allocated memory, guaranteeing space for at
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20150804/b9bf27ca/attachment.html>

More information about the llvm-commits mailing list